> Date: Wed, 6 Mar 2019 06:31:17
> From: Theo Buehler <[email protected]>
(snip)
> If you're up for it, it would probably be a good idea to look at the
> changes introduced by the commit you mentioned and see what else looks
> suspicious and needs fixing.
(snip)
I went through the files affected by said commit and focused on INTEGER
vs. STRING mixups only (mostly related to serialNumber, once related to
zone). Then I grepped through the rest of the libcrypto sources and found
only x_crl.c to have such a mixup.
I did not touch asn1/a_strnid.c, where the serialNumber is listed as
B_ASN1_PRINTABLESTRING. I don't know enough here, so I better leave
this for the experts.
Holger
Index: asn1/x_crl.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/asn1/x_crl.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 x_crl.c
--- asn1/x_crl.c 24 Aug 2018 19:55:58 -0000 1.33
+++ asn1/x_crl.c 6 Mar 2019 21:46:52 -0000
@@ -527,9 +527,7 @@ X509_CRL_dup(X509_CRL *x)
static int
X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
{
- return(ASN1_STRING_cmp(
- (ASN1_STRING *)(*a)->serialNumber,
- (ASN1_STRING *)(*b)->serialNumber));
+ return(ASN1_INTEGER_cmp((*a)->serialNumber, (*b)->serialNumber));
}
int
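Review bot: X509_REVOKED_cmp now compares serial numbers by sign as well as by content, and nothing at the comparator documents that its ordering has changed. If ASN1_INTEGER_cmp behaves here as it does upstream (negative sorts before positive, and the result is inverted when both are negative), then any sorted stack of revoked entries and any lookup against it, presumably in callers outside this hunk, must use the same comparison or entries with negative serials could be missed. The same ordering change applies to `X509_issuer_and_serial_cmp` in x509/x509_cmp.c, while the equality-only tests in pkcs7_cmp_ri and SXNET_get_id_INTEGER appear unaffected. I would add `/* Sign-aware ordering of serial numbers; sorting and lookup of revoked entries must use the same comparison. */` above the function.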
Index: pkcs7/pk7_doit.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/pkcs7/pk7_doit.c,v
retrieving revision 1.42
diff -u -p -u -r1.42 pk7_doit.c
--- pkcs7/pk7_doit.c 2 May 2017 03:59:45 -0000 1.42
+++ pkcs7/pk7_doit.c 6 Mar 2019 21:46:52 -0000
@@ -410,7 +410,7 @@ pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509
pcert->cert_info->issuer);
if (ret)
return ret;
- return ASN1_STRING_cmp(pcert->cert_info->serialNumber,
+ return ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
ri->issuer_and_serial->serial);
}
Index: pkcs7/pk7_lib.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/pkcs7/pk7_lib.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 pk7_lib.c
--- pkcs7/pk7_lib.c 29 Jan 2017 17:49:23 -0000 1.19
+++ pkcs7/pk7_lib.c 6 Mar 2019 21:46:53 -0000
@@ -374,7 +374,7 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO
* things the ugly way. */
ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
- ASN1_STRING_dup(X509_get_serialNumber(x509))))
+ ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
goto err;
/* lets keep the pkey around for a while */
@@ -534,7 +534,7 @@ PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p
ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
- ASN1_STRING_dup(X509_get_serialNumber(x509))))
+ ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;
pkey = X509_get_pubkey(x509);
Index: x509/x509_cmp.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_cmp.c,v
retrieving revision 1.34
diff -u -p -u -r1.34 x509_cmp.c
--- x509/x509_cmp.c 24 Aug 2018 19:59:32 -0000 1.34
+++ x509/x509_cmp.c 6 Mar 2019 21:46:53 -0000
@@ -76,7 +76,7 @@ X509_issuer_and_serial_cmp(const X509 *a
ai = a->cert_info;
bi = b->cert_info;
- i = ASN1_STRING_cmp(ai->serialNumber, bi->serialNumber);
+ i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
if (i)
return (i);
return (X509_NAME_cmp(ai->issuer, bi->issuer));
Index: x509v3/v3_sxnet.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/v3_sxnet.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 v3_sxnet.c
--- x509v3/v3_sxnet.c 13 May 2018 15:03:01 -0000 1.21
+++ x509v3/v3_sxnet.c 6 Mar 2019 21:46:53 -0000
@@ -376,7 +376,7 @@ SXNET_get_id_INTEGER(SXNET *sx, ASN1_INT
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
- if (!ASN1_STRING_cmp(id->zone, zone))
+ if (!ASN1_INTEGER_cmp(id->zone, zone))
return id->user;
}
return NULL;